Keep getting logged out

[Cider]

Hi,

Was wondering if any of the website fundis could help out here.

http://support.pandasecurity.com/forum

When logging into the above site it goes fine, however when I navigate it seems to log me out. Cant do much as it will lock you out. I am assuming this is because the session ID is changing for some reason ...

Could anyone shed some light on this? I don't think this is a browser issue as I have tried it at home and works fine. Cookies are enabled ...

Thanks

[morganlefay]

Maybe its a setting in Group Policy...thats why it doesnt happen at home.

MLF

[Cheap Scotch Ron]

how is authentication defined in the webconfig for this site/virtual directory?


fyi... I was able to register, login and browse around. No problems.

I have tried it at home and works fine

When u try from home are you logged into the domain?

[t34b4g5]

Hi,

Was wondering if any of the website fundis could help out here.

http://support.pandasecurity.com/forum

When logging into the above site it goes fine, however when I navigate it seems to log me out. Cant do much as it will lock you out. I am assuming this is because the session ID is changing for some reason ...

Could anyone shed some light on this? I don't think this is a browser issue as I have tried it at home and works fine. Cookies are enabled ...

Thanks

Greetz.

Could be cache corruption, it could be coookie session timeout, it could be a problem with the DB..

Now it shouldn't be the session id changing, simply because once you do a fresh log in the session is stored, if you have the remember me box checked then if you go to the site the next day etc the db checks the sess id against ur userid in the db.

If the session hash is fine it logs you back in automagically.

Unless of course the cookie session has been dumbed down in the AdminCP, thus would cause issues like this.
And i don't suppose you have admin credentials for the site?

anyhow does it happen under different browsers?

[Cider]

anyhow does it happen under different browsers?

yebo

Maybe its a setting in Group Policy...that's why it doesn't happen at home.

We don't use GP here .. I edit my own security policy on the local machine ...

how is authentication defined in the webconfig for this site/virtual directory?

explain ...

And i don't suppose you have admin credentials for the site?

Our HO admins this site so I can get anything I request to sort it out ...

Im going to log out of the domain and logon locally to check. doubt it though.

[Cider]

Logged on locally and same results ...

[Cheap Scotch Ron]

explain ...

I suspect that some users are connecting with the anonymous (or other e.g. impersonate) credentials which allow access and some credentials dont have the privs.
authentication scheme can be specified in the properties tab for the site under IIS admin. Can also be set in the web.config for the virtual directory or at the site level.

Post the web.config (located in VD) here. Look in properties tab for VD in IIS admin to see the security settings.